Appl. No. 09/998,926 PATENT 
Amdt. dated October 10, 2007 

Amendment under 37 CFR 1.116 Expedited Procedure 
Examining Group 2143 

Amendments to the Claims: 

Please cancel claims 16 and 49 without prejudice or disclaimer. This listing of claims 
will replace all prior versions, and listings of claims in the application: 

Listing of Claims: 

1-14. (Canceled) 

15. (Currently Amended) A method for identifying members of a group, 
comprising the steps of: 

determining dynamic members of a first user group based on a rule that defines 
dynamic membership for said first user group, wherein said rule is stored in a dynamic rule 
attribute of an identity profile of said first user group and wherein said first user group includes 
one or more static members and an identification of each of said static members is stored in a 
static member attribute for said identity profile of said first user group;

storing an identification of each of said dynamic members of said first user group 
wherein said identification of each of said dynamic members is stored in said static member 
attribute for said identity profile of said first user group;

determining nested members of said first user group; 

storing an identification of each of said nested members of said first user group; 

receiving a request to report members of said first user group, said request is 
received subsequent to said step of storing; and 

reporting said dynamic members and said nested members of said first user group 
in response to said request, said reporting of said dynamic members is performed based on said 
stored identification of said dynamic members and said reporting of said nested members is 
performed based on said stored identification of said nested members. 

16. (Canceled)



17. (Currently Amended) A method according to claim 15, wherein: 
said first user group includes one or more static members; 

an identification of each of said static members is stored in a static member 
attribute for said identity profile of said first user group; 

said identity profile of said first user group also includes an expansion attribute; and

said method can only be performed if said expansion attribute includes an 
appropriate value. 

18. (Previously Presented) A method according to claim 17, wherein: 

said method can only be performed for an entity having access to said expansion 
attribute and said dynamic rule attribute. 

19. (Original) A method according to claim 15, wherein: 
said steps of determining and storing are automatically repeated. 

20. (Original) A method according to claim 15, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

21. (Previously Presented) A method according to claim 20, wherein:

said integrated identity and access system is capable of performing authorization 
services based on membership in said first user group. 

22. (Canceled) 

23. (Previously Presented) A method according to claim 15, wherein: 
said nested members include members of multiple levels of nested groups.



24. (Previously Presented) A method according to claim 15, wherein: 
said step of determining nested members includes recursively determining 
members of group members. 



26. (Previously Presented) A method according to claim 15, wherein said step 
of determining nested members includes the steps of: 

determining all static group members of said first user group; 
determining all static and dynamic members of said static group members of said 
first user group; 

determining all static group members of said static group members of said first 
user group; and 

determining all members of said static group members of said static group 
members of said first user group. 

27. (Previously Presented) A method according to claim 15 wherein: 
said first user group and nested groups of said first user group include rules
defining criteria for being dynamic members; and

said step of determining dynamic members includes the steps of determining a 
normalized set of said rules and determining which users are defined by said normalized set of 
said rules, said users defined by said normalized set of said rules are said dynamic members of 
said first user group. 



25. (Currently Amended) A method according to claim 15, wherein: 
said first user group includes one or more static members; and 
said step of reporting includes reporting said static members. 



28. (Currently Amended) A method according to claim 15, wherein:
said first user group includes one or more static members; and
said step of reporting includes reporting said static members. 

29-34. (Canceled) 

35. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising the steps of: 

determining dynamic members of a first user group based on a rule that defines 
dynamic membership for said first user group, wherein said rule is stored in a dynamic rule 
attribute of an identity profile of said first user group and wherein said first user group includes 
one or more static members and an identification of each of said static members is stored in a 
static member attribute for said identity profile of said first user group;

storing an identification of each of said dynamic members of said first user group 
wherein said identification of each of said dynamic members is stored in said static member 
attribute for said identity profile of said first user group;

determining nested members of said first user group, said nested members include 
members of multiple levels of nested groups; 

storing an identification of each of said nested members of said first user group; 

receiving a request to report members of said first user group, said request is 
received subsequent to said step of storing; and 

reporting said dynamic members and said nested members of said first user group 
in response to said request, said reporting of said dynamic members is performed based on said 
stored identification of said dynamic members and said reporting of said nested members is 
performed based on said stored identification of said nested members. 

36. (Currently Amended) One or more processor readable storage devices 
according to claim 35, wherein: 
said first user group includes one or more static members; and
said step of reporting includes reporting said static members. 

37. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining and storing are automatically repeated. 

38. (Original) One or more processor readable storage devices according to 
claim 36, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

39-43. (Canceled) 

44. (Currently Amended) An apparatus that can determine members of a 
group, comprising: 

a communication interface; and 

one or more processors in communication with said communication interface, 
said one or more processors perform a method comprising the steps of: 

determining dynamic members of a first user group based on a rule that 
defines dynamic membership for said first user group, wherein said rule is stored in a dynamic 
rule attribute of an identity profile of said first user group and wherein said first user group
includes one or more static members and an identification of each of said static members is
stored in a static member attribute for said identity profile of said first user group,

storing an identification of each of said dynamic members of said first user 
group wherein said identification of each of said dynamic members is stored in said static 
member attribute for said identity profile of said first user group,

determining nested members of said first user group, said nested members 
include members of multiple levels of nested groups; 
storing an identification of each of said nested members of said first user
group;

receiving a request to report members of said first user group, said request 
is received subsequent to said step of storing, and 

reporting said static members, said dynamic members, and said nested 
members of said first user group in response to said request, said reporting of said dynamic 
members is performed based on said stored identification of said dynamic members and said 
reporting of said nested members is performed based on said stored identification of said nested 
members. 

45. (Original) An apparatus according to claim 44, wherein: 
said steps of determining and storing are automatically repeated. 

46. (Original) An apparatus according to claim 44, wherein: 

said steps of determining, storing and receiving are performed by an integrated 
identity and access system. 

47. (Canceled) 

48. (Currently Amended) An integrated identity and access system
comprising:

an identity system adapted to determine dynamic members of a first user group 
based on a rule that defines dynamic membership for said first user group, wherein said rule is 
stored in a dynamic rule attribute of an identity profile of said first user group and wherein said 
first user group includes one or more static members and an identification of each of said static 
members is stored in a static member attribute for said identity profile of said first user group,
store an identification of each of said dynamic members of said first user group wherein said
identification of each of said dynamic members is stored in said static member attribute for said
identity profile of said first user group, determine nested members of said first user group, store
an identification of each of said nested members of said first user group, receive a request to
report members of said first user group, said request is received subsequent to said step of 
storing, and report said dynamic members and said nested members of said first user group in 
response to said request, said reporting of said dynamic members is performed based on said 
stored identification of said dynamic members and said reporting of said nested members is 
performed based on said stored identification of said nested members; and 

an access system adapted to perform authentication services based on membership 
in said first user group. 

49. (Canceled) 

50. (Canceled) 

51. (Previously Presented) The integrated identity and access system of claim
48, wherein the identity system is adapted to determine nested members by: 

determining all static group members of said first user group; 
determining all static and dynamic members of said static group members of said 
first user group; 

determining all static group members of said static group members of said first 
user group; and 

determining all members of said static group members of said static group 
members of said first user group. 

52. (Previously Presented) The integrated identity and access system of claim 
48, wherein said first user group and nested groups of said first user group include rules defining 
criteria for being dynamic members and the identity system is adapted to determine dynamic 
members by determining a normalized set of said rules and determining which users are defined 
by said normalized set of said rules, said users defined by said normalized set of said rules are 
said dynamic members of said first user group. 
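
The following sketch is an added illustration, not part of the filing or of any product it describes. It walks through the steps recited in claims 15, 17, 19 and 24: evaluate the rule, store the resulting identifications in the static member attribute, walk nested groups recursively, then answer a later report request from the stored values only. The directory layout, the `(attribute, value)` rule form, the `dyn_stored` bookkeeping set and all names are assumptions made for the example.

```python
def sample_directory():
    # Constructed data. Profiles with a "static" key are groups; others are users.
    return {
        "alice": {"dept": "eng"}, "bob": {"dept": "eng"},
        "carol": {"dept": "ops"}, "dave": {"dept": "sales"},
        "admins": {"static": {"dave", "oncall"}, "rule": ("dept", "eng"), "expand": True},
        # "oncall" nests "admins" back, forming a cycle the walk must survive.
        "oncall": {"static": {"carol", "admins"}, "rule": None, "expand": True},
    }

def is_group(d, ident):
    return "static" in d.get(ident, {})

def dynamic_members(d, gid):
    rule = d[gid].get("rule")  # assumed rule form: (attribute, required value)
    if rule is None:
        return set()
    attr, value = rule
    return {i for i, p in d.items() if not is_group(d, i) and p.get(attr) == value}

def nested_members(d, gid, seen=None):
    seen = {gid} if seen is None else seen
    found = set()
    for m in d[gid]["static"]:
        if is_group(d, m) and m not in seen:
            seen.add(m)
            found |= {x for x in d[m]["static"] if not is_group(d, x)}
            found |= dynamic_members(d, m) | nested_members(d, m, seen)
    return found

def expand(d, gid):
    g = d[gid]
    if not g.get("expand"):  # expansion attribute gates the whole procedure
        return False
    g["static"] -= g.get("dyn_stored", set())  # drop ids stored by the last run
    g["dyn_stored"] = dynamic_members(d, gid) - g["static"]
    g["static"] |= g["dyn_stored"]  # dynamic ids land in the static member attribute
    g["nested"] = nested_members(d, gid)
    return True

def report(d, gid):
    # Answers only from stored identifications; no rule is evaluated here.
    g = d[gid]
    return {m for m in g["static"] if not is_group(d, m)} | g.get("nested", set())
```

Because `report` reads stored identifications, a user whose attributes stop matching the rule remains a reported member until `expand` runs again, which is why the repetition in claim 19 matters when authorization depends on the group.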